0

A photocopier vendor we work with for one of our customers, who has a background in IT networking, was on-site, had an issue, and discovered that the DNS settings on a particular workstation on the network were incorrect: the primary was set to an IP that didn't exist. The secondary was correct, however. This led me to wonder if I should check all the workstations, which are entirely Win 7 Pro. Network OS is Windows Small Business Server 2011. DHCP is provided by a Sonicwall.

As the customer is very remote, I need to find a way to do this without going on-site to check each machine by hand. Is there a tool (i.e. nmap or something) that can pull the DNS settings from each workstation running on the network for me?

thanks

JP

JP6805
  • Pull it from the registry via whatever method you have available? Powershell, GPO script, some other tool. http://windowsitpro.com/networking/where-registry-are-entries-dns-servers-located – Zoredache Nov 05 '15 at 23:51
  • Thanks for that link. Yes, "some other tool", if anyone knows. – JP6805 Nov 06 '15 at 21:48

3 Answers

1

You should be able to get the information using Powershell to read the DNSServerSearchOrder via WMI. Assuming you have the list of computers you want to scan in a text file...

# Search Active Directory for every computer object in the current domain
$strFilter = "computer"

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.SearchScope = "Subtree"
$objSearcher.PageSize = 1000

$objSearcher.Filter = "(objectCategory=$strFilter)"

$colResults = $objSearcher.FindAll()

foreach ($i in $colResults)
    {
        $objComputer = $i.GetDirectoryEntry()
        # Ask the remote machine over WMI for the DNS server list of its IP-enabled adapters
        $networkAdapter = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Property DNSServerSearchOrder -ComputerName $objComputer.Name -Filter "IPEnabled='True'"
        # One output object per computer: its name and the DNS servers found
        $computer = New-Object PSObject -Property @{
            ComputerName = $objComputer.Name
            DNSServer = $networkAdapter.DNSServerSearchOrder
        }

        Write-Output $computer
    }

Code to loop through AD is taken from here.

Mike1980
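An added example (not part of the answer above): the same WMI query driven from a text file of computer names, comparing each adapter's DNS server list with the list the site expects and recording unreachable machines instead of skipping them. The file name `workstations.txt` and the `$Expected` addresses (the sample addresses used elsewhere on this page) are assumptions; it needs Windows PowerShell, administrative rights and remote WMI access to the workstations.

```powershell
# Added example. Assumptions: workstations.txt (one name per line) and the
# $Expected addresses are placeholders for the site's real values.
$Expected  = @('192.168.1.5', '192.168.1.6')
$Computers = Get-Content -Path .\workstations.txt | Where-Object { $_.Trim() }

$report = foreach ($name in $Computers) {
    try {
        $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
            -ComputerName $name -Filter "IPEnabled='True'" -ErrorAction Stop
    }
    catch {
        # Powered off, firewalled or access denied: record it, do not skip it
        New-Object PSObject -Property @{
            ComputerName = $name; Adapter = ''; DhcpEnabled = ''
            DnsServers = ''; Status = "Unreachable: $($_.Exception.Message)"
        }
        continue
    }
    foreach ($a in $adapters) {
        # DNSServerSearchOrder is $null when the adapter has no DNS servers
        $dns = @($a.DNSServerSearchOrder | Where-Object { $_ })
        $unexpected = @($dns | Where-Object { $Expected -notcontains $_ })

        if ($dns.Count -eq 0) {
            $status = 'No DNS servers configured'
        } elseif ($unexpected.Count -gt 0) {
            $status = 'Unexpected server: ' + ($unexpected -join ', ')
        } elseif (($dns -join ',') -ne ($Expected -join ',')) {
            $status = 'Expected servers, but order or count differs'
        } else {
            $status = 'OK'
        }

        New-Object PSObject -Property @{
            ComputerName = $name; Adapter = $a.Description
            DhcpEnabled = $a.DHCPEnabled
            DnsServers = ($dns -join ', '); Status = $status
        }
    }
}

# Show problem machines first; pipe to Export-Csv instead to keep a record
$report | Sort-Object { $_.Status -eq 'OK' }, ComputerName |
    Select-Object ComputerName, Adapter, DhcpEnabled, DnsServers, Status |
    Format-Table -AutoSize
```

An adapter that shows DhcpEnabled as True together with a wrong DNS list points either at the DHCP scope or at a static DNS override on that machine, since DNS servers can be set by hand while the address still comes from DHCP.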
0

Rather than pulling the DNS settings for their workstations, why not use Group Policy to set the settings like you want across their domain? You'll likely end up using that to enforce the fix anyway. You should also check the DHCP settings on the Sonicwall to make sure you're handing out the addresses you want.

ceskib
  • I understand exactly what you're trying to say, which is why I mentioned that the Sonicwall is providing DHCP, as I knew some would get the implication as you did. For now however, I still would like an answer to my original question for curiosity's sake, as well as cost. – JP6805 Nov 05 '15 at 21:54
0

Short - Who cares what they are currently set to, just make sure they are set correctly

You should really be doing this via DHCP settings, since this is exactly what the scope settings are defined for. AFAIK, you cannot define DNS servers through a group policy object. You can use a batch file to do it though, and deploy it as a logon script:

@echo off
rem Set the primary DNS server, then append the secondary at position 2
netsh interface ip set dns "Local Area Connection" static 192.168.1.5
netsh interface ip add dns "Local Area Connection" 192.168.1.6 index=2

You may have to alter "Local Area Connection" to fit your adapter name if it is a wireless adapter, or if the PCs have multiple LAN cards.

I would just push this script and not waste any time trying to see what the PCs are currently set to. Push the values you want them to be and be done with it.

I successfully used this a while back when we changed out both DNS servers within a few weeks of each other as part of a major upgrade.

Lee Harrison